McAfee has recorded a growth increase in the number of attacks on Remote Desktop Protocol (RDP) ports exposed to the internet. The study has highlighted yet another way in which cyber-criminals are exploiting the huge increase in people working from home as a result of COVID-19.
RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place.
In total,
the report showed that the number of RDP ports exposed to the internet grew from three million to 4.5 million in the period from January to March 2020. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets.
The country which had the most stolen credentials in this period was was China, followed by Brazil and Hong Kong. McAfee also looked into the methods attackers are using to breach RDP systems. Primarily access was gained due to weak passwords such as NULL123, P@ssw0rd and 123456. The security software company was also alarmed to find many vulnerable RDP systems did not even have a password. In addition, breaches were caused by vulnerabilities and lack of patching.
McAfee commented: “RDP remains one of the most used vectors to breach into organizations. For attackers, this is a simple solution to quickly perform malicious activities such as malware, spam spreading or other types of crime.“There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities.”
